Is this a known attack type?

Discussion in 'other firewalls' started by sukarof, Mar 28, 2006.

Thread Status:
Not open for further replies.
  1. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    I have since yesterday afternoon been getting strange scan.
    One IP is trying to connect to my port 712. As you can see in the picture it is trying every port on the remote machine.
    I guess the remote machine is infected with something. Anyone know what malware tries to connect to port 712? And tries every port on the infected machine?

    While I am at it I´d like to know if anyone knows what the port 520 (router) scan is. I have had these entries from the same IP for a couple of months now.
    Both IP´s in the pic are from the same network (same ISP, fiber connection) as I am. My IP starts with 85.226.113.xxx too. The "attack" continues even if I change IP adress on my machine.

    And yes I am aware that I have nothing to worry about since my firewall (Tiny firewall) blocks the connection, I am just curious coz I have never seen such persistent connection attempts before or usually they dissapear when I change IP adress.
     

    Attached Files:

    Last edited by a moderator: Mar 28, 2006
  2. <DreamCatcher>

    <DreamCatcher> Registered Member

    Joined:
    Jan 6, 2006
    Posts:
    154
    Hi, sukarof

    Port 520 relates to RIP

    (RIP) Route Info Protocol.

    Used between routing hosts to advertise route table. Security Concerns: Vul to malicious route updates, which provides several attack possibilities: -- DOS network w/ bad updates. -- Route traffic to you for exploit. -- Route your attack pkts around network defenses.

    More info here and here

    Also you can find a list of ports Here
     
    Last edited: Mar 28, 2006
  3. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Thanks for for the links
     
Thread Status:
Not open for further replies.